[openssl-dev] [RFC v2 2/2] pem: load engine keys
Roumen Petrov
openssl at roumenpetrov.info
Tue Dec 6 21:31:59 UTC 2016
Hi Richard,
Richard Levitte wrote:
> [SNIP]
> James.Bottomley> 1. We agreed that usability is greatly enhanced if openssl simply loads
> James.Bottomley> a key when presented with the file/uri etc. without the user having
> James.Bottomley> to specify what the format of a key is
>
> Check. My STORE branch is made to support that.
One URI could represent more than one item.
STORE_INFO_types is an enumeration, but a URI could be associated with custom
data (a handle), and this data could be used to get other data (handles).
See capi engine CAPI_KEY *capi_find_key(CAPI_CTX * ctx, const char *id)
    ..
    hstore = capi_open_store(ctx, NULL);
    if (!hstore)
        return NULL;
    cert = capi_find_cert(ctx, id, hstore);
    if (cert) {
        key = capi_get_cert_key(ctx, cert);
        CertFreeCertificateContext(cert);
    }
    CertCloseStore(hstore, 0);
    ..
In the above case, PKEY is loaded only if CERT is located (found).
I guess that STORE_INFO_types could be a bit-mask and could support
application-specific data in addition.
[SNIP]
Roumen